Sign-up

ID

VAR-202506-0023


CVE

CVE-2025-5492


TITLE

D-Link DI-500WF-WT Command Injection Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-12347

DESCRIPTION

A vulnerability has been found in D-Link DI-500WF-WT up to 20250511 and classified as critical. Affected by this vulnerability is the function sub_456DE8 of the file /msp_info.htm?flag=cmd of the component /usr/sbin/jhttpd. The manipulation of the argument cmd leads to command injection. The attack can be launched remotely. D-Link DI-500WF-WT is a wireless network coverage device produced by D-Link of China. D-Link DI-500WF-WT has a command injection vulnerability, which is caused by the failure of the cmd parameter to properly filter special characters and commands in constructing commands. No detailed vulnerability details are currently available

Trust: 1.44

sources: NVD: CVE-2025-5492 // CNVD: CNVD-2025-12347

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-12347

AFFECTED PRODUCTS

vendor:d linkmodel:di-500wf-wtscope:lteversion:<=20250511

Trust: 0.6

sources: CNVD: CNVD-2025-12347

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-5492
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2025-12347
value: MEDIUM

Trust: 0.6

cna@vuldb.com: CVE-2025-5492
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2025-12347
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-5492
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-12347 // NVD: CVE-2025-5492

PROBLEMTYPE DATA

problemtype:CWE-74

Trust: 1.0

problemtype:CWE-77

Trust: 1.0

sources: NVD: CVE-2025-5492

EXTERNAL IDS

db:NVDid:CVE-2025-5492

Trust: 1.6

db:VULDBid:310909

Trust: 1.0

db:CNVDid:CNVD-2025-12347

Trust: 0.6

sources: CNVD: CNVD-2025-12347 // NVD: CVE-2025-5492

REFERENCES

url:https://vuldb.com/?ctiid.310909

Trust: 1.6

url:https://www.dlink.com/

Trust: 1.0

url:https://vuldb.com/?id.310909

Trust: 1.0

url:https://vuldb.com/?submit.575244

Trust: 1.0

sources: CNVD: CNVD-2025-12347 // NVD: CVE-2025-5492

SOURCES

db:CNVDid:CNVD-2025-12347
db:NVDid:CVE-2025-5492

LAST UPDATE DATE

2025-06-14T23:00:36.369000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-12347date:2025-06-13T00:00:00
db:NVDid:CVE-2025-5492date:2025-06-04T14:54:33.783

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-12347date:2025-06-13T00:00:00
db:NVDid:CVE-2025-5492date:2025-06-03T11:15:21.023